README.rst

ThreatExpert XML -> MAEC XML Converter Script

Copyright (c) 2015 - The MITRE Corporation

BY USING THE THREATEXPERT TO MAEC SCRIPT, YOU SIGNIFY YOUR ACCEPTANCE OF THE TERMS AND
CONDITIONS OF USE. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE THE SCRIPT.
For more information, please refer to the LICENSE.txt file.

v0.99 - BETA

Updated 02/10/2014

Overview

The software has two components: a stand-alone module (in threatexpert_to_maec/) and a command-line script that uses the module (threatexpert_parser.py). The software generates a MAEC Package from a ThreatExpert XML file. The module can also accept an MD5 hash of a known binary file, which it uses to query the threatexpert.com server to fetch the report for the binary.

generate_package_from_binary_filepath - given a binary filepath, return a python-maec Package object (looks up the report from threatexpert.com by the binary's MD5)

set_proxies - optionally called to supply proxy information to the package; supplied as a dictionary like { "http": "http://example.com:80", ... }
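A usage sketch for the two functions listed above, added here as an example and not taken from the project's own code. It assumes the module is importable as threatexpert_to_maec and that the returned python-maec Package is written out with to_xml_file; md5_of_file, check_proxies and convert_binary are hypothetical helper names.

```python
import hashlib
import re
import sys

# Loose URL shape check for proxy values such as "http://example.com:80".
PROXY_URL = re.compile(r"^[a-z][a-z0-9+.-]*://\S+$", re.IGNORECASE)


def md5_of_file(path, chunk_size=65536):
    """Return the hex MD5 of a file, reading in chunks to bound memory use."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_proxies(proxies):
    """Validate the {"http": "http://example.com:80", ...} shape before use."""
    if not isinstance(proxies, dict) or not proxies:
        raise ValueError("proxies must be a non-empty dictionary")
    for scheme, url in proxies.items():
        if not PROXY_URL.match(str(url)):
            raise ValueError("proxy for %r is not a URL: %r" % (scheme, url))
    return proxies


def convert_binary(path, out_path, proxies=None):
    """Fetch the ThreatExpert report for a local binary and save it as MAEC XML."""
    # Imported here so the helpers above can be used without the module installed.
    import threatexpert_to_maec  # assumption: importable under the directory name

    md5 = md5_of_file(path)  # the value the lookup is keyed on, kept for the case log
    if proxies is not None:
        threatexpert_to_maec.set_proxies(check_proxies(proxies))
    package = threatexpert_to_maec.generate_package_from_binary_filepath(path)
    package.to_xml_file(out_path)  # assumption: python-maec's XML export method
    return md5


if __name__ == "__main__":
    sample, output = sys.argv[1], sys.argv[2]
    print("MD5 sent to threatexpert.com: %s" % convert_binary(sample, output))
```

Recording the MD5 alongside the output file ties the MAEC Package to the exact sample that was looked up.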

About MAEC

Malware Attribute Enumeration and Characterization (MAEC™) is a standardized language for sharing structured information about malware based upon attributes such as behaviors, artifacts, and attack patterns.

The goal of the MAEC (pronounced "mike") effort is to provide a basis for transforming malware research and response. MAEC aims to eliminate the ambiguity and inaccuracy that currently exist in malware descriptions and to reduce reliance on signatures. In this way, MAEC seeks to improve human-to-human, human-to-tool, tool-to-tool, and tool-to-human communication about malware; reduce potential duplication of malware analysis efforts by researchers; and allow for the faster development of countermeasures by enabling the ability to leverage responses to previously observed malware instances. The MAEC Language enables correlation, integration, and automation.

Please visit the MAEC website for more information about the MAEC Language.